Thanks... I'll check out the file... As far as Zone Alarm is concerned. You can tell it to remember the answer you give. After a while you will get no questions asked anymoreHi Bobbi,
I think I got the file you wanted to see uploaded in the bleeping forum.
I loaded ZA and it is giving me grief. so much to keep an eye on using this...ignorance is bliss with the Micro firewall...
Thanks Ruth
CWS, Trojans and Keylogger havin' a party [CLOSED]
#76
Posted 17 October 2005 - 02:56 AM
#77
Posted 18 October 2005 - 04:23 AM
I looked at the file, and to me it looks like a log file from some sort of web server, or backdoor.
I PM'd you... If this is personal data, I don't want to spread it out on the net
#78
Posted 20 October 2005 - 11:01 AM
as said in PM this is generic fix for this infection.
Launch Notepad, and copy/paste the box below into a new text file. Save it as fixme.reg and save it on your Desktop.
Locate fixme.reg on your Desktop and double-click on it.REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Srv32Win"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\%Windir%\unvise32.exe"=-
[-KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyCaptor]
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".
The above Registry file was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!
Delete the following files in red (it could be that they are deleted already):
C:\WINNT\kcopts.dat
C:\WINNT\NTInvisible.dll
C:\WINNT\SystemSA32.dll
C:\WINNT\unvise32.exe
C:\WINNT\spysplash.dat
Delete the following folders in red (it could be that they are deleted already):
C:\Program Files\KeyCaptor
C:\Documents And Settings\Ruth\Start Menu\Programs\Keycaptor
Can you post a log from SpywareDoctor and HijackThis after this. Thanks.
#79
Posted 06 November 2005 - 04:10 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users